$pathsToScan = @("C:\Users", "C:\ProgramData", "C:\Scripts", "C:\Windows")
# Output to CSV
$logPath = "$env:Temp\WMICFiles_$(hostname).csv"
# Output to Display
#$logPath = ""
$results = @()

foreach ($path in $pathsToScan) {
  if (Test-Path $path) {
    Get-ChildItem -Path $path -Recurse -File -ErrorAction SilentlyContinue |
      Where-Object { $_.Extension -match '\.bat$|\.cmd$|\.ps1$|\.vbs$|\.wsf$|\.js$' } |
        ForEach-Object {
          Write-Host "Target file: "$_.FullName
          try {
            $content = Get-Content -Path $_.FullName -ErrorAction Stop -Raw
            if ($content -match '(?i)wmic(\.exe)? ') {
              $results += [PSCustomObject]@{
                FullName      = $_.FullName
                LastWriteTime = $_.LastWriteTime
                Length        = $_.Length
              }
            }
         } catch {
           Write-Host "File open failed: "$_.FullName
         }
      }
   }
}
if ($results.Count -gt 0) {
  if ($logPath -eq "") {
    $results
  } else {
    $results | Export-Csv -Path $logPath -NoTypeInformation -Encoding UTF8
    Write-Output "Output to: $logPath"
  }
} else {
    Write-Output "No target file containing the WMIC command was found."
}